
CVSS: 8.1 | EPSS: 0% | CPEs: 6 | EXPL: 0

RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.

References:
http://www.securityfocus.com/bid/95366
http://www.securitytracker.com/id/1037583
https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170109-01-security-notice-for-ca-service-desk-manager.html

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.3 | EPSS: 1% | CPEs: 4 | EXPL: 3

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.

References:
https://github.com/icewall/CVE-2016-2334
http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
http://www.securityfocus.com/bid/90531
http://www.securitytracker.com/id/1035876
http://www.talosintel.com/reports/TALOS-2016-0093
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTS

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.

A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.

References:
http://rhn.redhat.com/errata/RHSA-2017-0226.html
http://rhn.redhat.com/errata/RHSA-2017-0530.html
http://rhn.redhat.com/errata/RHSA-2017-0531.html
http://rhn.redhat.com/errata/RHSA-2017-0532.html
http://rhn.redhat.com/errata/RHSA-2017-0533.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/91508
https://github.com/rabbitmq/rabbitmq-management/issues/97
https://github.com/rabbitmq/rabbitmq-server/releases/tag/

CWE-399: Resource Management Errors
CWE-400: Uncontrolled Resource Consumption

CVSS: 5.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors.

References:
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securityfocus.com/bid/93759
http://www.securitytracker.com/id/1037048

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Kernel Zones.

References:
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securityfocus.com/bid/93725
http://www.securitytracker.com/id/1037048

CWE-284: Improper Access Control